coin/coin/members/models.py

# -*- coding: utf-8 -*-
import ldapdb.models
import unicodedata
import string
import datetime
from django.db import models
from django.db.models import Q
from django.db.models.signals import pre_save
from django.dispatch import receiver
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, BaseUserManager
from ldapdb.models.fields import CharField, IntegerField, ListField
from south.modelsinspector import add_ignored_fields
from coin.offers.models import OfferSubscription
from coin.mixins import CoinLdapSyncMixin
from coin import utils
from django.contrib.auth.signals import user_logged_in
from django.conf import settings

class CoinUserManager(BaseUserManager):
    def create_user(self, login, first_name, last_name, email, password=None):
        """
        """
        if not login:
            raise ValueError('Users must have a login')
        if not email:
            raise ValueError('Users must have an email address')
        if not first_name:
            raise ValueError('Users must have a first name')
        if not last_name:
            raise ValueError('Users must have a last name')
        
        user = self.model(
            login=login,
            email=self.normalize_email(email),
            first_name=first_name,
            last_name=last_name,
        )

        user.set_password(password, ldap=False)
        user.save(using=self._db)
        user.set_ldap_password(password)
        return user

    def create_superuser(self, login, first_name, last_name, email, password):
        """
        Creates and saves a superuser
        """
        user = self.create_user(
            login=login,
            email=email,
            first_name=first_name,
            last_name=last_name,
            password=password
        )
        user.status = 'member'
        user.is_superuser = True
        user.is_staff = True
        user.save(using=self._db)
        return user


class Member(CoinLdapSyncMixin, AbstractBaseUser, PermissionsMixin):

    USERNAME_FIELD = 'login'
    REQUIRED_FIELDS = ['first_name', 'last_name', 'email', ]

    MEMBER_TYPE_CHOICES = (
        ('natural_person', 'Personne physique'),
        ('legal_entity', 'Personne morale'),
    )
    MEMBER_STATUS_CHOICES = (
        ('member', 'Adhérent'),
        ('not_member', 'Non adhérent'),
        ('pending', "Demande d'adhésion"),
    )

    objects = CoinUserManager()
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)

    status = models.CharField(max_length=50, choices=MEMBER_STATUS_CHOICES,
                              default='pending')
    type = models.CharField(max_length=20, choices=MEMBER_TYPE_CHOICES,
                            default='natural_person')
    first_name = models.CharField(max_length=200, verbose_name=u'Prénom')
    last_name = models.CharField(max_length=200, verbose_name=u'Nom')
    login = models.CharField(max_length=200, unique=True, null=True,
                               blank=True,
                               verbose_name='login',
                               help_text='Login. Clé avec le LDAP. Laisser vide pour '
                               'le générer automatiquement')
    organization_name = models.CharField(max_length=200, blank=True,
                                         verbose_name='Nom de l\'organisme',
                                         help_text='Pour une personne morale')
    email = models.EmailField(max_length=254, verbose_name=u'Courriel')
    home_phone_number = models.CharField(max_length=25, blank=True,
                                         verbose_name=u'Téléphone fixe')
    mobile_phone_number = models.CharField(max_length=25, blank=True,
                                           verbose_name=u'Téléphone mobile')
    # TODO: use a django module that provides an address model? (would
    # support more countries and address types)
    address = models.TextField(verbose_name=u'Adresse', blank=True, null=True)
    postal_code = models.CharField(max_length=15, blank=True, null=True,
                                   verbose_name=u'Code postal')
    city = models.CharField(max_length=200, blank=True, null=True,
                            verbose_name=u'Commune')
    country = models.CharField(max_length=200, blank=True, null=True,
                               default='France',
                               verbose_name=u'Pays')
    entry_date = models.DateField(null=False,
                                  blank=False,
                                  default=datetime.date.today,
                                  verbose_name='Date de première adhésion')
    # TODO: for data retention, prevent deletion of a user object while
    # the resign date is recent enough (e.g. one year in France).
    resign_date = models.DateField(null=True, blank=True,
                                   verbose_name='Date de départ de '
                                   'l\'association')


    def __unicode__(self):
        name = self.first_name + ' ' + self.last_name
        if self.organization_name:
            name += ' (%s)' % self.organization_name
        return name

    def get_full_name(self):
        return '%s %s' % (self.first_name, self.last_name)

    def get_short_name(self):
        return '%s' % self.login

    # Renvoie la date de fin de la dernière cotisation du membre
    def end_date_of_membership(self):
        try:
            return self.membership_fees.order_by('-end_date')[0].end_date
        #TODO: bad practice de tout matcher comme ca
        except:
            return None

    def is_paid_up(self):
        """
        True si le membre est à jour de cotisation. False sinon
        """
        if self.end_date_of_membership() \
                and self.end_date_of_membership() >= datetime.date.today():
            return True
        else:
            return False

    def set_password(self, new_password, ldap=True, *args, **kwargs):
        """
        Override set_password in order to change password in ldap too
        """
        super(Member, self).set_password(new_password, *args, **kwargs)
        if ldap:
            self.set_ldap_password(new_password)

    def set_ldap_password(self, new_password):
        """
        Change password in LDAP
        """
        ldap_user = LdapUser.objects.get(pk=self.login)
        ldap_user.password = new_password
        ldap_user.save()
        
    def get_active_subscriptions(self, date=datetime.date.today()):
        """
        Return list of OfferSubscription which are active today
        """
        return OfferSubscription.objects.filter(
            Q(member__exact=self.pk),
            Q(subscription_date__lte=date),
            Q(resign_date__isnull=True) | Q(resign_date__gte=date))

    def get_automatic_login(self):
        """
        Calcul le login / ldap cn automatiquement en fonction
        du nom et du prénom
        """
        # Première lettre de chaque partie du prénom
        first_name_letters = ''.join(
            [c[0] for c in self.first_name.split('-')]
        )
        # Concaténer avec nom de famille
        login = ('%s%s' % (first_name_letters, self.last_name))
        # Remplacer ou enlever les caractères non ascii
        login = unicodedata.normalize('NFD', login)\
            .encode('ascii', 'ignore')
        # Enlever ponctuation et espace
        login = login.translate(None, string.punctuation + ' ')
        # En minuscule
        login = login.lower()

        return login

    def sync_to_ldap(self, creation):
        """
        Update LDAP data when a member is saved
        """

        assert self.login, ('Can\'t sync with LDAP because missing login '
                              'value for the Member : %s' % self)

        if not creation:
            ldap_user = LdapUser.objects.get(pk=self.login)

        if creation:
            max_uid_number = LdapUser.objects.order_by('-uidNumber')[0].uidNumber

            ldap_user = LdapUser()
            ldap_user.pk = self.login
            ldap_user.uid = self.login
            ldap_user.nick_name = self.login
            ldap_user.uidNumber = max_uid_number + 1

        ldap_user.last_name = self.last_name
        ldap_user.first_name = self.first_name
        ldap_user.save()

        if creation:
            ldap_group = LdapGroup.objects.get(pk='coin')
            ldap_group.members.append(ldap_user.pk)
            ldap_group.save()

    def delete_from_ldap(self):
        """
        Delete member from the LDAP
        """
        assert self.login, ('Can\'t delete from LDAP because missing '
                              'login value for the Member : %s' % self)

        # Lorsqu'un membre est supprimé du SI, son utilisateur LDAP
        # correspondant est sorti du groupe "coin" afin qu'il n'ait plus
        # accès au SI
        ldap_group = LdapGroup.objects.get(pk='coin')
        if self.login in ldap_group.members:
            ldap_group.members.remove(self.login)
            ldap_group.save()

    def has_perm(self, perm, obj=None):
        "Does the user have a specific permission?"
        # Simplest possible answer: Yes, always
        return True

    def has_module_perms(self, app_label):
        "Does the user have permissions to view the app `app_label`?"
        # Simplest possible answer: Yes, always
        return True

    class Meta:
        verbose_name = 'membre'


class CryptoKey(models.Model):

    KEY_TYPE_CHOICES = (('RSA', 'RSA'), ('GPG', 'GPG'))

    type = models.CharField(max_length=3, choices=KEY_TYPE_CHOICES)
    key = models.TextField(verbose_name=u'Clé')
    member = models.ForeignKey('Member', verbose_name=u'Membre')

    def __unicode__(self):
        return u'Clé %s de %s' % (self.type, self.member)

    class Meta:
        verbose_name = 'clé'


class MembershipFee(models.Model):
    member = models.ForeignKey('Member', related_name='membership_fees',
                               verbose_name=u'Membre')
    #TODO: config: valeur par défaut à externaliser dans la configuration
    amount = models.IntegerField(null=False, default='20', help_text='en €',
                                 verbose_name=u'Montant')
    start_date = models.DateField(
        null=False,
        blank=False,
        default=datetime.date.today,
        verbose_name='Date de début de cotisation')
    end_date = models.DateField(
        null=False,
        blank=False,
        default=datetime.date.today() + datetime.timedelta(365),
        verbose_name='Date de fin de cotisation')

    def __unicode__(self):
        return u'%s - %s - %i€' % (self.member, self.start_date, self.amount)

    class Meta:
        verbose_name = 'cotisation'


class LdapUser(ldapdb.models.Model):
    # TODO: déplacer ligne suivante dans settings.py
    base_dn = "ou=users,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
    object_classes = ['inetOrgPerson', 'organizationalPerson', 'person',
                      'top', 'posixAccount']

    uid = CharField(db_column='uid', unique=True, max_length=255)
    nick_name = CharField(db_column='cn', unique=True, primary_key=True,
                          max_length=255)
    first_name = CharField(db_column='givenName', max_length=255)
    last_name = CharField(db_column='sn', max_length=255)
    display_name = CharField(db_column='displayName', max_length=255,
                             blank=True)
    password = CharField(db_column='userPassword', max_length=255)
    uidNumber = IntegerField(db_column='uidNumber', unique=True)
    gidNumber = IntegerField(db_column='gidNumber', default=2000)
    homeDirectory = CharField(db_column='homeDirectory', max_length=255,
                              default='/tmp')

    def __unicode__(self):
        return self.display_name

    class Meta:
        managed = False  # Indique à South de ne pas gérer le model LdapUser


class LdapGroup(ldapdb.models.Model):
    """
    Class for representing an LDAP group entry.
    """
    #TODO: config à externaliser
    # LDAP meta-data
    base_dn = "ou=groups,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
    object_classes = ['posixGroup']

    # posixGroup attributes
    gid = IntegerField(db_column='gidNumber', unique=True)
    name = CharField(db_column='cn', max_length=200, primary_key=True)
    members = ListField(db_column='memberUid')

    def __unicode__(self):
        return self.name

    class Meta:
        managed = False  # Indique à South de ne pas gérer le model LdapGroup

# Indique à South de ne pas gérer les models LdapUser et LdapGroup
add_ignored_fields(["^ldapdb\.models\.fields"])


@receiver(pre_save, sender=Member)
def define_login(sender, instance, **kwargs):
    """
    Lors de la sauvegarde d'un membre. Si le champ login n'est pas définit,
    le calcul automatiquement en fonction du nom et du prénom
    """
    if not instance.login and not instance.pk:
        instance.login = instance.get_automatic_login()


@receiver(pre_save, sender=LdapUser)
def change_password(sender, instance, **kwargs):
    """
    Lors de la sauvegarde d'un utilisateur Ldap, cette fonction est exécutée
    avant la sauvegarde pour chiffrer le mot de passe s'il est définit
    et s'il n'est pas déjà chiffré
    """
    instance.password = utils.ldap_hash(instance.password)


@receiver(pre_save, sender=LdapUser)
def define_display_name(sender, instance, **kwargs):
    """
    Lors de la sauvegarde d'un utilisateur Ldap, le champ display_name est la
    concaténation de first_name et last_name
    """
    if not instance.display_name:
        instance.display_name = '%s %s' % (instance.first_name,
                                           instance.last_name)


# @receiver(user_logged_in)
# def define_member_user(sender, request, user, **kwargs):
#     """
#     Lorsqu'un utilisateur se connect avec succes, fait le lien entre le membre
#     et l'utilisateur en définissant le champ user du model membre ayant le
#     ldap_cn utilisé pour la connexion
#     """
#     try:
#         member = Member.objects.get(ldap_cn=user.username)
#         if not member.user:
#             member.user = user
#             member.save()
#         elif member.user.username != user.username:
#             raise Exception('Un membre avec cet ldap_cn existe en base de '
#                             'donnée mais l\'utilisateur auquel il est rattaché '
#                             'ne correspond pas.')
#     except Member.DoesNotExist:
#         if not user.is_superuser:
#             raise


#==============================================================================
# @receiver(pre_save, sender = LdapUser)
# def ssha_password(sender, **kwargs):
#     if not kwargs['instance'].password.startswith('{SSHA}'):
#         salt = os.urandom(8).encode('hex')
#         kwargs['instance'].password = '{SSHA}' + base64.b64encode(
    #         hashlib.sha1(obj.password + salt).digest() + salt)
#==============================================================================